Abstract:
We have proposed gesture passwords as a ubiquitous authentication
technology, especially targeting mobile device unlocking. Gesture
passwords present a fascinating design space for authentication. They
are distinct from graphical passwords, which resemble text-based
passwords in the sense that they allow for the password to be exactly
reproduced. In contrast, a gesture password cannot be exactly matched:
it must be recognized despite not being input by the user the same way
every time. In this talk, we will present the results of several lab and
field studies (MobiSys’14, CHI ’16, CHI ’17, UbiComp’17) on studying
usability and security of gesture passwords. We will also present the
first approach for measuring the security of gestures with guessing
attacks that model real-world attacker behavior. Our dictionary attack,
tested on newly collected user data, achieves a cracking rate of 47.71%
after two weeks of computation using 10^9 guesses. This is a difference
of 35.78 percentage points compared to the 11.93% cracking rate of a
benchmark brute-force attack. More details of these works are available
at http://securegestures.org/.

Bio:
Janne Lindqvist is an assistant professor of electrical and computer
engineering at Rutgers University. His work is frequently featured in
the popular media with close to thousand mentions so far including
several times in Scientific American, IEEE Spectrum, MIT Technology
Review, NPR , WHYY Radio, Yahoo! News, International Business Times,
Daily Mail, and recently also in ABC News Radio, CBS Radio News,
Fortune, Computerworld, Der Spiegel, London Times, Slashdot, The
Register, Wired (UK). Janne directs the Rutgers Human-Computer
Interaction and Security Engineering Lab. Janne’s work focuses on hard
real-world problems, and currently his group and his colleagues work
includes usable and secure authentication, mobile privacy,
physical-world crowdsourcing, measuring implicit racism in situ, social
protocols for wireless networking, and ecological field studies on
non-suicidal self-injurious behavior. His awards include the Best Paper
Award from MobiCom’12, the Best Paper Nominee Award from UbiComp’14, and
Sustainable Jersey Creation & Innovation Award 2014.